Cisco Anyconnect VPN Two Factor Authentication - ASA+ISE

We are currently designing an anyconnect two factor VPN solution utilizing AD credentials and ADCS published user certificates for auth.

The solution is currently configured and working, with the ASA performing cert validation and the ISE handling AAA.

I would like to know wheter it is possible for the ASA to pass the certificate validation part of the authentication to theISE instead of having the cert validation happening on the ASA as described in the CVDs. Reason being, we would like to consolidate the auth on the ISE only. We will be running ASA 9.1(2) and ISE 1.2p8.

We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...
view more